paycheck: move default pubkey handling inside the library
This is a more sensible choice given that the pubkey ships within the
library directory and hence should not be specified explicitly by an
outside entity (like paycheck). From the practical standpoint, it makes
this useful feature available to clients who use the library directly.
BUG=chromium:241283
TEST=Unit + integration tests
Change-Id: I059302326af1e0e394829466ee97ad2f60de4986
Reviewed-on: https://gerrit.chromium.org/gerrit/56335
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
diff --git a/scripts/paycheck.py b/scripts/paycheck.py
index 9852ded..80a5853 100755
--- a/scripts/paycheck.py
+++ b/scripts/paycheck.py
@@ -52,9 +52,6 @@
'Update Engine. Use --check to verify a payload prior to '
'applying it.'))
- default_key = os.path.join(lib_dir,
- 'update_payload/update-payload-key.pub.pem')
-
check_opts = optparse.OptionGroup(parser, 'Checking payload integrity')
check_opts.add_option('-c', '--check', action='store_true', default=False,
help=('force payload integrity check (e.g. before '
@@ -76,7 +73,7 @@
help=('comma-separated list of tests to disable; '
'available values: ' +
', '.join(update_payload.CHECKS_TO_DISABLE)))
- check_opts.add_option('-k', '--key', metavar='FILE', default=default_key,
+ check_opts.add_option('-k', '--key', metavar='FILE',
help=('Override standard key used for signature '
'validation'))
check_opts.add_option('-m', '--meta-sig', metavar='FILE',
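Review bot: The `--key` help text no longer tells the user which key is used when `-k` is omitted, now that the `default=` argument is gone from the `add_option` call. It is also capitalised, while the neighbouring help strings in this group start lowercase. Consider wording along the lines of `help=('public key file for signature validation (default: the update-payload-key.pub.pem bundled with update_payload)')`, wrapped as the file does elsewhere. The option group definition continues outside this hunk.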
@@ -129,8 +126,7 @@
# There are several options that imply --check.
opts.check = (opts.check or opts.report or opts.assert_type or
opts.block_size or opts.allow_unhashed or
- opts.disabled_tests or opts.meta_sig or
- opts.key != default_key or
+ opts.disabled_tests or opts.meta_sig or opts.key or
opts.root_part_size != _DEFAULT_ROOTFS_PART_SIZE or
opts.kern_part_size != _DEFAULT_KERNEL_PART_SIZE)
@@ -156,9 +152,8 @@
parser.error('unexpected number of arguments')
# By default, look for a metadata-signature file with a name based on the name
- # of the payload we are checking. We only do it when check is triggered and a
- # public key provided, so as not to force a metadata signature to fail.
- if opts.check and opts.key and not opts.meta_sig:
+ # of the payload we are checking. We only do it if check was triggered.
+ if opts.check and not opts.meta_sig:
default_meta_sig = args[0] + '.metadata-signature'
if os.path.isfile(default_meta_sig):
opts.meta_sig = default_meta_sig
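Review bot: The rewritten comment above `if opts.check and not opts.meta_sig:` should also say what happens when the sidecar file is absent. In the lines shown, `opts.meta_sig` stays unset if `args[0] + '.metadata-signature'` does not exist, so a check run presumably proceeds without verifying the metadata signature and without telling the operator. I would add `# If no such file exists, the metadata signature is not verified.` to the comment. If the rest of the function allows, also print the name of the file that was picked up, so the output shows whether that verification took place. The enclosing function starts and ends outside this hunk.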
diff --git a/scripts/update_payload/checker.py b/scripts/update_payload/checker.py
index a9edce3..eabcedb 100644
--- a/scripts/update_payload/checker.py
+++ b/scripts/update_payload/checker.py
@@ -16,6 +16,7 @@
import array
import base64
import hashlib
+import os
import subprocess
import common
@@ -26,7 +27,7 @@
#
-# Constants / helper functions.
+# Constants.
#
_CHECK_DST_PSEUDO_EXTENTS = 'dst-pseudo-extents'
_CHECK_MOVE_SAME_SRC_DST_BLOCK = 'move-same-src-dst-block'
@@ -42,6 +43,10 @@
_DEFAULT_BLOCK_SIZE = 4096
+_DEFAULT_PUBKEY_BASE_NAME = 'update-payload-key.pub.pem'
+_DEFAULT_PUBKEY_FILE_NAME = os.path.join(os.path.dirname(__file__),
+ _DEFAULT_PUBKEY_BASE_NAME)
+
#
# Helper functions.
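Review bot: `_DEFAULT_PUBKEY_FILE_NAME` is built from `os.path.dirname(__file__)` at import time, and `__file__` can be a relative path. A later change of working directory could therefore make signature checks look for the key in the wrong place. Using `os.path.dirname(os.path.abspath(__file__))` in the `os.path.join` call avoids that. This file is now the trust anchor for every caller that passes no key, so a comment above the two constants would help, e.g. `# Public key bundled with the library; used to verify signatures when the caller supplies none.`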
@@ -1058,6 +1063,9 @@
PayloadError if payload verification failed.
"""
+ if not pubkey_file_name:
+ pubkey_file_name = _DEFAULT_PUBKEY_FILE_NAME
+
report = _PayloadReport()
# Get payload file size.
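Review bot: The fallback at `if not pubkey_file_name:` is silent and the chosen path is never validated before it reaches `_CheckSha256Signature` and `_CheckSignatures`. How those helpers report a missing or unreadable key is not visible here, so an explicit early check would give a clearer failure: `if not os.path.isfile(pubkey_file_name): raise PayloadError('public key file not found: %s' % pubkey_file_name)`. The method's docstring, which begins outside this hunk, should state that an empty or omitted `pubkey_file_name` selects the key bundled with the library. Note also that `not pubkey_file_name` treats an explicitly passed empty string as "use the default"; `pubkey_file_name is None` would be stricter if that distinction matters.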
@@ -1068,9 +1076,6 @@
try:
# Check metadata signature (if provided).
if metadata_sig_file:
- if not pubkey_file_name:
- raise PayloadError(
- 'no public key provided, cannot verify metadata signature')
metadata_sig = base64.b64decode(metadata_sig_file.read())
self._CheckSha256Signature(metadata_sig, pubkey_file_name,
self.payload.manifest_hasher.digest(),
@@ -1116,9 +1121,6 @@
# Part 5: handle payload signatures message.
if self.check_payload_sig and self.sigs_size:
- if not pubkey_file_name:
- raise PayloadError(
- 'no public key provided, cannot verify payload signature')
self._CheckSignatures(report, pubkey_file_name)
# Part 6: summary.